def grant_access(self, username, databases): if self._get_user(username, None).name != username: raise exception.BadRequest( _('Cannot grant access for non-existant user: '******'%(user)s') % {'user': username}) else: user = models.CouchDBUser() user.name = username if not self._is_modifiable_user(user.name): LOG.warning( _('Cannot grant access for reserved user ' '%(user)s') % {'user': username}) if not user: raise exception.BadRequest( _('Cannot grant access for reserved or non-existant user ' '%(user)s') % {'user': username}) for db_name in databases: out, err = utils.execute_with_timeout( system.GRANT_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': db_name, 'username': username }, shell=True)
def _get_user(self, username, hostname): user = models.CouchDBUser() user.name = username db_names = self.list_database_names() for db in db_names: try: out, err = utils.execute_with_timeout( system.DB_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': db }, shell=True) except exception.ProcessExecutionError: LOG.debug( "Error while trying to get the users for database: %s." % db) continue evalout = ast.literal_eval(out) if evalout: members = evalout['members'] names = members['names'] for i in range(0, len(names)): if user.name == names[i]: user.databases = db return user
def _admin_user(self): if not type(self).admin_user: creds = CouchDBCredentials() creds.read(system.COUCHDB_ADMIN_CREDS_FILE) user = models.CouchDBUser(creds.username, creds.password) type(self).admin_user = user return type(self).admin_user
def list_users(self, limit=None, marker=None, include_marker=False): '''List all users and the databases they have access to.''' users = [] db_names = self.list_database_names() try: out, err = utils.execute_with_timeout( system.ALL_USERS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password }, shell=True) except exception.ProcessExecutionError: LOG.debug("Error while trying to get list of all couchdb users") evalout = ast.literal_eval(out) rows = evalout['rows'] userlist = [] for i in range(0, len(rows)): row = rows[i] uname = row['key'] if not self._is_modifiable_user(uname): break elif uname[17:]: userlist.append(uname[17:]) for i in range(len(userlist)): user = models.CouchDBUser() user.name = userlist[i] for db in db_names: try: out2, err = utils.execute_with_timeout( system.DB_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': db }, shell=True) except exception.ProcessExecutionError: LOG.debug( "Error while trying to get users for database: %s." % db) continue evalout2 = ast.literal_eval(out2) if evalout2: members = evalout2['members'] names = members['names'] for i in range(0, len(names)): if user.name == names[i]: user.databases = db users.append(user.serialize()) next_marker = None return users, next_marker
def enable_root(self, root_pwd=None): '''Create admin user root''' if not root_pwd: LOG.debug('Generating root user password.') root_pwd = utils.generate_random_password() root_user = models.CouchDBUser() root_user.name = 'root' root_user.password = root_pwd out, err = utils.execute_with_timeout( system.ENABLE_ROOT % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'password': root_pwd }, shell=True) return root_user.serialize()
def create_user(self, users): LOG.debug("Creating user(s) for accessing CouchDB database(s).") self._admin_user() try: for item in users: user = models.CouchDBUser() user.deserialize(item) try: LOG.debug("Creating user: %s." % user.name) utils.execute_with_timeout( system.CREATE_USER_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'username': user.name, 'username': user.name, 'password': user.password }, shell=True) except exception.ProcessExecutionError as pe: LOG.exception(_("Error creating user: %s.") % user.name) pass for database in user.databases: mydb = models.CouchDBSchema() mydb.deserialize(database) try: LOG.debug("Granting user: %s access to database: %s." % (user.name, mydb.name)) out, err = utils.execute_with_timeout( system.GRANT_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': mydb.name, 'username': user.name }, shell=True) except exception.ProcessExecutionError as pe: LOG.debug("Error granting user: %s access to" "database: %s." % (user.name, mydb.name)) LOG.debug(pe) pass except exception.ProcessExecutionError as pe: LOG.exception( _("An error occurred creating users: %s.") % pe.message) pass
def delete_user(self, user): LOG.debug("Delete a given CouchDB user.") couchdb_user = models.CouchDBUser() couchdb_user.deserialize(user) db_names = self.list_database_names() for db in db_names: userlist = [] try: out, err = utils.execute_with_timeout( system.DB_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': db }, shell=True) except exception.ProcessExecutionError: LOG.debug( "Error while trying to get the users for database: %s." % db) continue evalout = ast.literal_eval(out) if evalout: members = evalout['members'] names = members['names'] for i in range(0, len(names)): couchdb_user.databases = db userlist.append(names[i]) if couchdb_user.name in userlist: userlist.remove(couchdb_user.name) out2, err2 = utils.execute_with_timeout( system.REVOKE_ACCESS_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'dbname': db, 'username': userlist }, shell=True) try: out2, err = utils.execute_with_timeout( system.DELETE_REV_ID % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password }, shell=True) evalout2 = ast.literal_eval(out2) rows = evalout2['rows'] userlist = [] for i in range(0, len(rows)): row = rows[i] username = "******" + couchdb_user.name if row['key'] == username: rev = row['value'] revid = rev['rev'] utils.execute_with_timeout(system.DELETE_USER_COMMAND % { 'admin_name': self._admin_user().name, 'admin_password': self._admin_user().password, 'username': couchdb_user.name, 'revid': revid }, shell=True) except exception.ProcessExecutionError as pe: LOG.exception( _("There was an error while deleting user: %s.") % pe) raise exception.GuestError( _("Unable to delete user: %s.") % couchdb_user.name)